The challenges of cybersecurity

Remo Marini

Reading time: 5'00"

In the digital age, companies and institutions are operating in a rapidly changing technological environment that is characterized by both great opportunities and many risks. Recent events, such as the Crowdstrike incident that caused a global disruption of Microsoft’s services, have highlighted the vulnerability of computer systems and the need for strategic management of digitalization.

But progress is unstoppable, and emerging technologies such as generative artificial intelligence, cloud computing, and quantum computing are revolutionizing the insurance industry, among others, with significant implications for data security and customer trust.

A rapidly growing industry

In the decade 2013-2023, the ICT (Information and Communication Technology) sector grew almost three times faster than the total economy in OECD countries¹.

Specifically, in countries such as the United Kingdom, Germany, Austria and Poland, the ICT sector has averaged more than 8 percent growth over the past 10 years. The estimate for Slovenia, the Czech Republic and Spain is around 7%, while it is just over 6% for France and 4% for Italy.

While digital transformation is a necessary condition for companies to ensure a higher return on investment for their shareholders, not all companies are able to keep up with technological progress, which often outpaces the ability to adapt and seize new opportunities. In fact, as McKinsey², noted, across all the industries analyzed, the companies that are most advanced in terms of digital transformation and adoption of AI-based technologies have a total return to shareholders that is two to six times higher than the rest. This is not only because leading companies understand how to leverage new technologies to create value, but also because they are able to do so more quickly.

One of the key issues facing companies, including insurance companies, is security: how to protect information, sensitive data, and infrastructure to prevent damage to the business and maintain customer trust. As several studies, including one by McKinsey, show, the growth of digitalization is a reality that needs to be addressed; the fact that it is an accelerating and sometimes uncontrolled trend, due to its very rapid evolution, brings with it several challenges that should not be underestimated.

ITC SECTOR GROWTH OUTPERFORMS THE TOTAL ECONOMY

The ICT sector grew almost 3x faster than the total economy in the OECD

Estimates show strong growth of the ICT sector in 2023
Predicted ICT sector growth rate, 2023

The ICT sector shrugged off the COVID-19 pandemic, in contrast to the broader economy

Source Gartner

Today’s challenges: generative AI…

So, while there are huge benefits in terms of speed, efficiency and scientific progress, there are also potential privacy and security risks. In particular, generative artificial intelligence, cloud and quantum computing are revolutionizing the cybersecurity landscape.

In fact, accidents related to the use of AI have increased significantly since 2022. So-called “deepfakes” - fake content that is difficult to distinguish from the original - are documents, images and videos that can be used to defraud insurance companies. For example, by supporting claims with artificially generated evidence that is sometimes difficult to unmask. Another issue is the ability of generative AI to improve the sophistication of social engineering attacks. In fact, current algorithms can generate emails and messages that perfectly replicate the style and tone of authentic communication, increasing the chance that recipients will fall into the scammer’s trap. These attacks can affect both insurance company employees and their customers, leading to the exposure of sensitive data and financial information; therefore it is essential to implement effective threat monitoring and detection strategies, emergency plans and recovery strategies to minimize the impact of attacks or disruptions, and ongoing employee training. Artificial intelligence models themselves can be the target of so-called “adversarial” attacks. These consist of manipulating algorithms to fool the AI, compromising its ability to detect fraud, assess risk, and make accurate decisions.

In addition, ransomware attacks, which consist of encrypting data and demanding a ransom to unlock it, often accompanied by the threat of disclosing the stolen information, have also been on the rise in recent years. The techniques used in these attacks have become more sophisticated and accessible, partly due to the rise of the Ransomware-as-a-Service (RaaS) phenomenon: a service offered by experienced criminal organizations that significantly reduces the barriers to entry.

Traditionally, malware creation required advanced technical skills in programming, software engineering and computer security. Malware developers needed to have in-depth knowledge of system vulnerabilities and security bypass techniques. With the advent of generative AI, this could change dramatically:

Automate code generation: Generative AI tools can generate code based on simple requests. For example, without in-depth technical training, a user could ask an AI model to write code for a dangerous application. These models can produce code that is technically good and, in many cases, complex, significantly reducing the learning effort required to develop malware.
Generate attack techniques: Generative AI can help create advanced attack strategies, such as phishing or vulnerability exploits. For example, language models could generate more persuasive phishing emails or design more believable fake websites using sophisticated social engineering techniques.
Distribution facilitation: Generative AI tools can also facilitate the creation of malware variants and their large-scale distribution. The ability to automatically generate code variants allows malware authors to evade detection systems that often rely on static signatures.

ADDED VALUE

Companies leading in digital and Al outperform financially.

CAGR for TSR, by sector, %¹

Insurance

Consumer²

Energy and materials

¹ S&P 500 index by sector, 2018-22
² Includes consumer packaged goods and retail

Source S&P Capital 1Q; McKinsey analysis IQ: Analisi McKinsey

...and Cloud Computing

In line with the adoption of increasingly sophisticated algorithms and tools, companies are turning to the cloud to store data, run applications, and manage computing resources. It is estimated that by 2027, more than 90% of companies will use the cloud, with an estimated total spend of $1 trillion³.

It is a trend driven by the flexibility, scalability, and convenience of cloud services - which, in turn, brings with them some security concerns. In fact, the adoption of cloud services can increase the attack area, for example the overall exposure of the entire environment, in part because each new cloud service adds a potential access point. In addition, security settings in cloud services must be carefully configured by experienced technicians: misconfiguration or failure to configure can unintentionally expose data to breach risks. Finally, using cloud services means relying on external vendors to manage one’s most important resources -data- which may be located outside of one’s home country, leading to privacy concerns and potential breaches of information confidentiality.

Looking to the near future

Looking ahead to the next few years, one of the emerging technologies that will shape the cybersecurity landscape is undoubtedly quantum computing. Although current technologies are not yet ready for practical applications, investment and research in this area are growing rapidly: it is a market that has already reached $42 billion in investment and an estimated potential economic value of up to $2 trillion by 2035, according to McKinsey⁴.

The use of hardware and algorithms based on quantum mechanics to solve complex problems that classical computers or supercomputers cannot solve (or at least not fast enough) offers the potential to revolutionize digital systems, but also raises significant challenges in terms of cyber risks. For example, compared to traditional computers, the ability of quantum computers to break cryptographic protocols currently used to protect the privacy of information introduces an unprecedented threat.

Traditional cryptography is based on mathematical problems that require an enormous amount of computing resources to be solved. Currently, it is virtually impossible to break these codes by brute force (systematic attempts), even with the most advanced supercomputers. However, Shor’s algorithm, designed for quantum computers, has the potential to radically change this scenario. Shor’s algorithm is designed to factor large numbers in exponentially less time than traditional algorithms, directly threatening security. When a sufficiently powerful quantum computer becomes operational, it could break these cryptographic systems in a very short time.

CYBER CRIMES

Key Impacts of Generative Al for Chief Information Security Officers

Source Gartner

Consume

Multiple consumption options
Shadow Al
Data privacy and copyright
Defend With

Lack of maturity
Risks due to vendor rush
Privacy and efficacy challenges
Attacked By

Skill augmentation
Attack automation
Content generation
Build

Data theft/poisoning
No best practice
Upcoming regulation

The cybersecurity risks

Decryption of sensitive data: the ability of quantum computers to break RSA and similar cryptography could expose sensitive data protected by cryptographic codes. This could have a dramatic impact on the privacy and security of personal, financial and business information.
Disruption of security systems: many security systems, including those used to protect critical infrastructure and sensitive data, rely on cryptographic algorithms that are vulnerable to quantum attacks. Compromising these systems could threaten national and industrial security.
Exposure of historical data: even if a quantum computer is not yet available, data encrypted today could be at risk in the future. Attackers could collect encrypted data now and wait for quantum computers to become powerful enough to decrypt it.

Generali’s role in the era of digital transformation

In this context, Generali continues to invest in its own cybersecurity and in the protection of its customers’ data: from 2017 to the end of 2023, the company has centrally allocated about € 77 million and hired 29 new experts in the holding company alone to implement three security transformation plans involving all the countries in which it operates. The cyber resilience efforts and the development of advanced expertise to prevent, detect and respond to attack attempts by cyber criminals are aimed at ensuring that the company’s systems not only withstand attack attempts and disruptions, but are also able to recover quickly from attacks, minimizing the impact on operations and customers.

At the same time, as part of its “Lifetime Partner 24: Driving Growth” strategic plan, the company has invested more than €1 billion to support innovation and digital transformation, and to collect, process and leverage the full potential of data while ensuring the best possible digital service for customers, channel partners and internal users. A commitment that has allowed the Company to achieve its strategic goals, but also to effectively address emerging challenges, promote greater resilience and sustainability in the insurance landscape, and evolve with the changes of the digital age.

¹OECD Digital Economy Outlook 2024 (Volume 1) EMBRACING THE TECHNOLOGY FRONTIER, www.oecd.org/en/publications/oecd-digital-economy-outlook-2024-volume-1_a1689dc5-en.html.

²McKinsey Digital, Rewired and running ahead: Digital and AI leaders are leaving the rest behind, https://www.mckinsey.com/capabilities/mckinsey-digital/our-insights/rewired-and-running-ahead-digital-and-ai-leaders-are-leaving-the-rest-behind.

³The Future of Cloud: 2027 l Gartner IT Infrastructure, Operations & Cloud Strategies Conference.

⁴McKinsey Digital, Quantum Technology Monitor, April 2024 (mckinsey.com).

BACK TO INDEX

Who We Are

What we do

Sustainability

Work with us

Investors

Media

Governance